wannacry | e79e8c14c51dc0251e22d9976e3e3bde818b6c97d7147a50ad14d305056ac8b8 | Triage

Submit
Reports

Overview

overview

Static

static

3

c699a6766b...18.dll

windows7-x64

c699a6766b...18.dll

windows10-2004-x64

Sharing

General

Target

c699a6766bc5a0c79b2af6c029b89618_JaffaCakes118
Size

5.0MB
Sample

240828-lmyzysvfll
MD5

c699a6766bc5a0c79b2af6c029b89618
SHA1

e670824bf9a744f58688bdc91fd5578d91a5f370
SHA256

e79e8c14c51dc0251e22d9976e3e3bde818b6c97d7147a50ad14d305056ac8b8
SHA512

ff8d3e06602345d21684b07927b09a17f5f1b6573aa42e67bc05bdccc62bf73c63f1a6d9d38da0e7fd252960228cfe223d9f0a4eaaf0ace3cd0c71406136bda9
SSDEEP

49152:znAQqMSPbcBVC/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAMEc:TDqPoBA1aRxcSUDk36SAEdhvxWa9P5

Score

10^/10

wannacry discovery ransomware worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c699a6766bc5a0c79b2af6c029b89618_JaffaCakes118.dll

Resource

win7-20240704-en

wannacry discovery ransomware worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c699a6766bc5a0c79b2af6c029b89618_JaffaCakes118.dll

Resource

win10v2004-20240802-en

wannacry discovery ransomware worm

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  c699a6766bc5a0c79b2af6c029b89618_JaffaCakes118
- Size
  
  5.0MB
- MD5
  
  c699a6766bc5a0c79b2af6c029b89618
- SHA1
  
  e670824bf9a744f58688bdc91fd5578d91a5f370
- SHA256
  
  e79e8c14c51dc0251e22d9976e3e3bde818b6c97d7147a50ad14d305056ac8b8
- SHA512
  
  ff8d3e06602345d21684b07927b09a17f5f1b6573aa42e67bc05bdccc62bf73c63f1a6d9d38da0e7fd252960228cfe223d9f0a4eaaf0ace3cd0c71406136bda9
- SSDEEP
  
  49152:znAQqMSPbcBVC/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9PAMEc:TDqPoBA1aRxcSUDk36SAEdhvxWa9P5
Score

10^/10

wannacry discovery ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3142) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

wannacrydiscoveryransomwareworm

behavioral2

wannacrydiscoveryransomwareworm

© 2018-2024

Terms | Privacy